Vulnerabilities > CVE-2016-10165 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 7.1 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH

Summary

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

Vulnerable Configurations

Part Description Count
Application
Littlecms
23
Application
Redhat
1
Application
Netapp
35
OS
Debian
1
OS
Canonical
4
OS
Opensuse
1
OS
Redhat
21

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2401.NASL
    descriptionAccording to the version of the lcms2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.(CVE-2016-10165) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-10
    plugin id131893
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131893
    titleEulerOS 2.0 SP2 : lcms2 (EulerOS-SA-2019-2401)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131893);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2016-10165"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : lcms2 (EulerOS-SA-2019-2401)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the lcms2 package installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerability :
    
      - The Type_MLU_Read function in cmstypes.c in Little CMS
        (aka lcms2) allows remote attackers to obtain sensitive
        information or cause a denial of service via an image
        with a crafted ICC profile, which triggers an
        out-of-bounds heap read.(CVE-2016-10165)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2401
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?61673fc5");
      script_set_attribute(attribute:"solution", value:
    "Update the affected lcms2 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:lcms2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["lcms2-2.6-3.h1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lcms2");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-14.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues : Security issues fixed : - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084). - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071). - CVE-2017-10281: Fix issue inside subcomponent Serialization (bsc#1064072). - CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073). - CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075). - CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086). - CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078). - CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082). - CVE-2017-10347: Fix issue inside subcomponent Serialization (bsc#1064079). - CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081). - CVE-2017-10345: Fix issue inside subcomponent Serialization (bsc#1064077). - CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080). - CVE-2017-10357: Fix issue inside subcomponent Serialization (bsc#1064085). - CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083). - CVE-2017-10102: Fix incorrect handling of references in DGC (bsc#1049316). - CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader (bsc#1049305). - CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest (bsc#1049306). - CVE-2017-10081: Fix incorrect bracket processing in function signature handling (bsc#1049309). - CVE-2017-10087: Fix insufficient access control checks in ThreadPoolExecutor (bsc#1049311). - CVE-2017-10089: Fix insufficient access control checks in ServiceRegistry (bsc#1049312). - CVE-2017-10090: Fix insufficient access control checks in AsynchronousChannelGroupImpl (bsc#1049313). - CVE-2017-10096: Fix insufficient access control checks in XML transformations (bsc#1049314). - CVE-2017-10101: Fix unrestricted access to com.sun.org.apache.xml.internal.resolver (bsc#1049315). - CVE-2017-10107: Fix insufficient access control checks in ActivationID (bsc#1049318). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10110: Fix insufficient access control checks in ImageWatched (bsc#1049321). - CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute deserialization (bsc#1049319). - CVE-2017-10109: Fix unbounded memory allocation in CodeSource deserialization (bsc#1049320). - CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE (bsc#1049324). - CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326). - CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL (bsc#1049325). - CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328). - CVE-2017-10176: Fix incorrect handling of certain EC points (bsc#1049329). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322). - CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS (bsc#1049332). - CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment (bsc#1049327). - CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049323). - CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment (bsc#1049317). - CVE-2017-10086: Fix unspecified in subcomponent JavaFX (bsc#1049310). - CVE-2017-10198: Fix incorrect enforcement of certificate path restrictions (bsc#1049331). - CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330). Bug fixes : - Drop Exec Shield workaround to fix crashes on recent kernels, where Exec Shield is gone (bsc#1052318). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-01-10
    plugin id105714
    published2018-01-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105714
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-14.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105714);
      script_version("3.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-10165", "CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10081", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10118", "CVE-2017-10125", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243", "CVE-2017-10274", "CVE-2017-10281", "CVE-2017-10285", "CVE-2017-10295", "CVE-2017-10345", "CVE-2017-10346", "CVE-2017-10347", "CVE-2017-10348", "CVE-2017-10349", "CVE-2017-10350", "CVE-2017-10355", "CVE-2017-10356", "CVE-2017-10357", "CVE-2017-10388");
    
      script_name(english:"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)");
      script_summary(english:"Check for the openSUSE-2018-14 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-1_7_0-openjdk fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2017-10356: Fix issue inside subcomponent Security
        (bsc#1064084).
    
      - CVE-2017-10274: Fix issue inside subcomponent Smart Card
        IO (bsc#1064071).
    
      - CVE-2017-10281: Fix issue inside subcomponent
        Serialization (bsc#1064072).
    
      - CVE-2017-10285: Fix issue inside subcomponent RMI
        (bsc#1064073).
    
      - CVE-2017-10295: Fix issue inside subcomponent Networking
        (bsc#1064075).
    
      - CVE-2017-10388: Fix issue inside subcomponent Libraries
        (bsc#1064086).
    
      - CVE-2017-10346: Fix issue inside subcomponent Hotspot
        (bsc#1064078).
    
      - CVE-2017-10350: Fix issue inside subcomponent JAX-WS
        (bsc#1064082).
    
      - CVE-2017-10347: Fix issue inside subcomponent
        Serialization (bsc#1064079).
    
      - CVE-2017-10349: Fix issue inside subcomponent JAXP
        (bsc#1064081).
    
      - CVE-2017-10345: Fix issue inside subcomponent
        Serialization (bsc#1064077).
    
      - CVE-2017-10348: Fix issue inside subcomponent Libraries
        (bsc#1064080).
    
      - CVE-2017-10357: Fix issue inside subcomponent
        Serialization (bsc#1064085).
    
      - CVE-2017-10355: Fix issue inside subcomponent Networking
        (bsc#1064083).
    
      - CVE-2017-10102: Fix incorrect handling of references in
        DGC (bsc#1049316).
    
      - CVE-2017-10053: Fix reading of unprocessed image data in
        JPEGImageReader (bsc#1049305).
    
      - CVE-2017-10067: Fix JAR verifier incorrect handling of
        missing digest (bsc#1049306).
    
      - CVE-2017-10081: Fix incorrect bracket processing in
        function signature handling (bsc#1049309).
    
      - CVE-2017-10087: Fix insufficient access control checks
        in ThreadPoolExecutor (bsc#1049311).
    
      - CVE-2017-10089: Fix insufficient access control checks
        in ServiceRegistry (bsc#1049312).
    
      - CVE-2017-10090: Fix insufficient access control checks
        in AsynchronousChannelGroupImpl (bsc#1049313).
    
      - CVE-2017-10096: Fix insufficient access control checks
        in XML transformations (bsc#1049314).
    
      - CVE-2017-10101: Fix unrestricted access to
        com.sun.org.apache.xml.internal.resolver (bsc#1049315).
    
      - CVE-2017-10107: Fix insufficient access control checks
        in ActivationID (bsc#1049318).
    
      - CVE-2017-10074: Fix integer overflows in range check
        loop predicates (bsc#1049307).
    
      - CVE-2017-10110: Fix insufficient access control checks
        in ImageWatched (bsc#1049321).
    
      - CVE-2017-10108: Fix unbounded memory allocation in
        BasicAttribute deserialization (bsc#1049319).
    
      - CVE-2017-10109: Fix unbounded memory allocation in
        CodeSource deserialization (bsc#1049320).
    
      - CVE-2017-10115: Fix unspecified vulnerability in
        subcomponent JCE (bsc#1049324).
    
      - CVE-2017-10118: Fix ECDSA implementation timing attack
        (bsc#1049326).
    
      - CVE-2017-10116: Fix LDAPCertStore following referrals to
        non-LDAP URL (bsc#1049325).
    
      - CVE-2017-10135: Fix PKCS#8 implementation timing attack
        (bsc#1049328).
    
      - CVE-2017-10176: Fix incorrect handling of certain EC
        points (bsc#1049329).
    
      - CVE-2017-10074: Fix integer overflows in range check
        loop predicates (bsc#1049307).
    
      - CVE-2017-10074: Fix integer overflows in range check
        loop predicates (bsc#1049307).
    
      - CVE-2017-10111: Fix checks in LambdaFormEditor
        (bsc#1049322).
    
      - CVE-2017-10243: Fix unspecified vulnerability in
        subcomponent JAX-WS (bsc#1049332).
    
      - CVE-2017-10125: Fix unspecified vulnerability in
        subcomponent deployment (bsc#1049327).
    
      - CVE-2017-10114: Fix unspecified vulnerability in
        subcomponent JavaFX (bsc#1049323).
    
      - CVE-2017-10105: Fix unspecified vulnerability in
        subcomponent deployment (bsc#1049317).
    
      - CVE-2017-10086: Fix unspecified in subcomponent JavaFX
        (bsc#1049310).
    
      - CVE-2017-10198: Fix incorrect enforcement of certificate
        path restrictions (bsc#1049331).
    
      - CVE-2017-10193: Fix incorrect key size constraint check
        (bsc#1049330).
    
    Bug fixes :
    
      - Drop Exec Shield workaround to fix crashes on recent
        kernels, where Exec Shield is gone (bsc#1052318).
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049305"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049309"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049310"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049311"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049312"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049313"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049315"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049316"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049319"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049320"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049322"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049325"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049326"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049328"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049329"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049330"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049331"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049332"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064071"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064072"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064073"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064075"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064077"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064078"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064079"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064080"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064081"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064083"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064085"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064086"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1_7_0-openjdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-accessibility-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-devel-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-headless-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-debugsource-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-demo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-devel-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-headless-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-javadoc-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-src-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-accessibility-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-bootstrap-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-bootstrap-devel-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-bootstrap-headless-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-debugsource-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-demo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-devel-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-headless-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-javadoc-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-src-1.7.0.161-45.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-openjdk-bootstrap / etc");
    }
    
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_OCT_2017_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 1, 8 Update 151, 7 Update 161, or 6 Update 171. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D (Little CMS 2) - Deployment - Hotspot - JAX-WS - JAXP - Javadoc - Libraries - Networking - RMI - Security - Serialization - Smart Card IO - Util (zlib)
    last seen2020-06-01
    modified2020-06-02
    plugin id103964
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103964
    titleOracle Java SE Multiple Vulnerabilities (October 2017 CPU) (Unix)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(103964);
      script_version("1.6");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id(
        "CVE-2016-9841",
        "CVE-2016-10165",
        "CVE-2017-10274",
        "CVE-2017-10281",
        "CVE-2017-10285",
        "CVE-2017-10293",
        "CVE-2017-10295",
        "CVE-2017-10309",
        "CVE-2017-10345",
        "CVE-2017-10346",
        "CVE-2017-10347",
        "CVE-2017-10348",
        "CVE-2017-10349",
        "CVE-2017-10350",
        "CVE-2017-10355",
        "CVE-2017-10356",
        "CVE-2017-10357",
        "CVE-2017-10388"
      );
      script_bugtraq_id(
        101315,
        101319,
        101321,
        101328,
        101333,
        101338,
        101341,
        101348,
        101354,
        101355,
        101369,
        101378,
        101382,
        101384,
        101396,
        101413
      );
    
      script_name(english:"Oracle Java SE Multiple Vulnerabilities (October 2017 CPU) (Unix)");
      script_summary(english:"Checks the version of the JRE.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Unix host contains a programming platform that is affected
    by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle (formerly Sun) Java SE or Java for Business
    installed on the remote host is prior to 9 Update 1, 8 Update 151,
    7 Update 161, or 6 Update 171. It is, therefore, affected by multiple
    vulnerabilities related to the following components :
    
      - 2D (Little CMS 2)
      - Deployment
      - Hotspot
      - JAX-WS
      - JAXP
      - Javadoc
      - Libraries
      - Networking
      - RMI
      - Security
      - Serialization
      - Smart Card IO
      - Util (zlib)");
      # https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ffb85cfa");
      # https://www.oracle.com/technetwork/java/javase/9-0-1-relnotes-3883752.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dfeae1af");
      # http://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bbe7f5cf");
      # https://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2fbcacca");
      # http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?726f7054");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Oracle JDK / JRE 9 Update 1, 8 Update 151 / 7 Update 161 /
    6 Update 171 or later. If necessary, remove any affected versions.
    
    Note that an Extended Support contract with Oracle is needed to obtain
    JDK / JRE 6 Update 95 or later.");
      script_set_attribute(attribute:"agent", value:"unix");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9841");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("sun_java_jre_installed_unix.nasl");
      script_require_keys("Host/Java/JRE/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");
    
    info = "";
    vuln = 0;
    vuln2 = 0;
    installed_versions = "";
    granular = "";
    
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "Host/Java/JRE/Unmanaged/";
      if (ver !~ "^[0-9.]+") continue;
    
      installed_versions = installed_versions + " & " + ver;
    
      # Fixes : (JDK|JRE) 9 Update 1 / 8 Update 151 / 7 Update 161 / 6 Update 171
      if (
        ver =~ '^1\\.6\\.0_([0-9]|[0-9][0-9]|1[0-6][0-9]|170)([^0-9]|$)' ||
        ver =~ '^1\\.7\\.0_([0-9]|[0-9][0-9]|1[0-5][0-9]|160)([^0-9]|$)' ||
        ver =~ '^1\\.8\\.0_([0-9]|[0-9][0-9]|1[0-4][0-9]|150)([^0-9]|$)' ||
        ver =~ '^1\\.9\\.0_00?([^0-9]|$)'
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.6.0_151 / 1.7.0_161 / 1.8.0_151 / 1.9.0_1\n';
      }
      else if (ver =~ "^[\d\.]+$")
      {
        dirs = make_list(get_kb_list(install));
        foreach dir (dirs)
          granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
      }
      else
      {
        dirs = make_list(get_kb_list(install));
        vuln2 += max_index(dirs);
      }
    
    }
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      if (granular) exit(0, granular);
    }
    else
    {
      if (granular) exit(0, granular);
    
      installed_versions = substr(installed_versions, 3);
      if (vuln2 > 1)
        exit(0, "The Java "+installed_versions+" installations on the remote host are not affected.");
      else
        audit(AUDIT_INST_VER_NOT_VULN, "Java", installed_versions);
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-803.NASL
    descriptionAn out of bounds read was found in lcms2, which can lead to heap memory leak or denial of service via a specially crafted ICC profile. For Debian 7
    last seen2020-03-17
    modified2017-01-27
    plugin id96818
    published2017-01-27
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96818
    titleDebian DLA-803-1 : lcms2 security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-803-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96818);
      script_version("3.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2016-10165");
    
      script_name(english:"Debian DLA-803-1 : lcms2 security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An out of bounds read was found in lcms2, which can lead to heap
    memory leak or denial of service via a specially crafted ICC profile.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    2.2+git20110628-2.2+deb7u2.
    
    We recommend that you upgrade your lcms2 packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2017/01/msg00038.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/lcms2"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:liblcms2-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:liblcms2-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:liblcms2-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"liblcms2-2", reference:"2.2+git20110628-2.2+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"liblcms2-dev", reference:"2.2+git20110628-2.2+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"liblcms2-utils", reference:"2.2+git20110628-2.2+deb7u2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1211.NASL
    descriptionAccording to the version of the lcms2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.(CVE-2016-10165) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134500
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134500
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : lcms2 (EulerOS-SA-2020-1211)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134500);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2016-10165"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : lcms2 (EulerOS-SA-2020-1211)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the lcms2 package installed, the EulerOS
    Virtualization for ARM 64 installation on the remote host is affected
    by the following vulnerability :
    
      - The Type_MLU_Read function in cmstypes.c in Little CMS
        (aka lcms2) allows remote attackers to obtain sensitive
        information or cause a denial of service via an image
        with a crafted ICC profile, which triggers an
        out-of-bounds heap read.(CVE-2016-10165)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1211
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?783a6e51");
      script_set_attribute(attribute:"solution", value:
    "Update the affected lcms2 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:lcms2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["lcms2-2.6-3.h2"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lcms2");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-2658.NASL
    descriptionFrom Red Hat Security Advisory 2016:2658 : An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen2020-06-01
    modified2020-06-02
    plugin id94621
    published2016-11-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94621
    titleOracle Linux 5 / 6 / 7 : java-1.7.0-openjdk (ELSA-2016-2658)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2016:2658 and 
    # Oracle Linux Security Advisory ELSA-2016-2658 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94621);
      script_version("2.8");
      script_cvs_date("Date: 2019/09/27 13:00:37");
    
      script_cve_id("CVE-2016-10165", "CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5573", "CVE-2016-5582", "CVE-2016-5597");
      script_xref(name:"RHSA", value:"2016:2658");
    
      script_name(english:"Oracle Linux 5 / 6 / 7 : java-1.7.0-openjdk (ELSA-2016-2658)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2016:2658 :
    
    An update for java-1.7.0-openjdk is now available for Red Hat
    Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise
    Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
    Environment and the OpenJDK 7 Java Software Development Kit.
    
    Security Fix(es) :
    
    * It was discovered that the Hotspot component of OpenJDK did not
    properly check arguments of the System.arraycopy() function in certain
    cases. An untrusted Java application or applet could use this flaw to
    corrupt virtual machine's memory and completely bypass Java sandbox
    restrictions. (CVE-2016-5582)
    
    * It was discovered that the Hotspot component of OpenJDK did not
    properly check received Java Debug Wire Protocol (JDWP) packets. An
    attacker could possibly use this flaw to send debugging commands to a
    Java program running with debugging enabled if they could make
    victim's browser send HTTP requests to the JDWP port of the debugged
    application. (CVE-2016-5573)
    
    * It was discovered that the Libraries component of OpenJDK did not
    restrict the set of algorithms used for Jar integrity verification.
    This flaw could allow an attacker to modify content of the Jar file
    that used weak signing key or hash algorithm. (CVE-2016-5542)
    
    Note: After this update, MD2 hash algorithm and RSA keys with less
    than 1024 bits are no longer allowed to be used for Jar integrity
    verification by default. MD5 hash algorithm is expected to be disabled
    by default in the future updates. A newly introduced security property
    jdk.jar.disabledAlgorithms can be used to control the set of disabled
    algorithms.
    
    * A flaw was found in the way the JMX component of OpenJDK handled
    classloaders. An untrusted Java application or applet could use this
    flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554)
    
    * A flaw was found in the way the Networking component of OpenJDK
    handled HTTP proxy authentication. A Java application could possibly
    expose HTTPS server authentication credentials via a plain text
    network connection to an HTTP proxy if proxy asked for authentication.
    (CVE-2016-5597)
    
    Note: After this update, Basic HTTP proxy authentication can no longer
    be used when tunneling HTTPS connection through an HTTP proxy. Newly
    introduced system properties jdk.http.auth.proxying.disabledSchemes
    and jdk.http.auth.tunneling.disabledSchemes can be used to control
    which authentication schemes can be requested by an HTTP proxy when
    proxying HTTP and HTTPS connections respectively."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-November/006461.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-November/006462.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-November/006497.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.7.0-openjdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.7.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6 / 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"java-1.7.0-openjdk-1.7.0.121-2.6.8.1.0.1.el5_11")) flag++;
    if (rpm_check(release:"EL5", reference:"java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.1.0.1.el5_11")) flag++;
    if (rpm_check(release:"EL5", reference:"java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.1.0.1.el5_11")) flag++;
    if (rpm_check(release:"EL5", reference:"java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.1.0.1.el5_11")) flag++;
    if (rpm_check(release:"EL5", reference:"java-1.7.0-openjdk-src-1.7.0.121-2.6.8.1.0.1.el5_11")) flag++;
    
    if (rpm_check(release:"EL6", reference:"java-1.7.0-openjdk-1.7.0.121-2.6.8.1.0.1.el6_8")) flag++;
    if (rpm_check(release:"EL6", reference:"java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.1.0.1.el6_8")) flag++;
    if (rpm_check(release:"EL6", reference:"java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.1.0.1.el6_8")) flag++;
    if (rpm_check(release:"EL6", reference:"java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.1.0.1.el6_8")) flag++;
    if (rpm_check(release:"EL6", reference:"java-1.7.0-openjdk-src-1.7.0.121-2.6.8.1.0.1.el6_8")) flag++;
    
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.7.0-openjdk-1.7.0.121-2.6.8.0.0.1.el7_3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.7.0-openjdk-accessibility-1.7.0.121-2.6.8.0.0.1.el7_3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.0.0.1.el7_3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.0.0.1.el7_3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.7.0-openjdk-headless-1.7.0.121-2.6.8.0.0.1.el7_3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.0.0.1.el7_3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.7.0-openjdk-src-1.7.0.121-2.6.8.0.0.1.el7_3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc");
    }
    
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_OCT_2017.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 1, 8 Update 151, 7 Update 161, or 6 Update 171. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D (Little CMS 2) - Deployment - Hotspot - JAX-WS - JAXP - Javadoc - Libraries - Networking - RMI - Security - Serialization - Smart Card IO - Util (zlib)
    last seen2020-06-01
    modified2020-06-02
    plugin id103963
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103963
    titleOracle Java SE Multiple Vulnerabilities (October 2017 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(103963);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id(
        "CVE-2016-9841",
        "CVE-2016-10165",
        "CVE-2017-10274",
        "CVE-2017-10281",
        "CVE-2017-10285",
        "CVE-2017-10293",
        "CVE-2017-10295",
        "CVE-2017-10309",
        "CVE-2017-10345",
        "CVE-2017-10346",
        "CVE-2017-10347",
        "CVE-2017-10348",
        "CVE-2017-10349",
        "CVE-2017-10350",
        "CVE-2017-10355",
        "CVE-2017-10356",
        "CVE-2017-10357",
        "CVE-2017-10388"
      );
      script_bugtraq_id(
        101315,
        101319,
        101321,
        101328,
        101333,
        101338,
        101341,
        101348,
        101354,
        101355,
        101369,
        101378,
        101382,
        101384,
        101396,
        101413
      );
    
      script_name(english:"Oracle Java SE Multiple Vulnerabilities (October 2017 CPU)");
      script_summary(english:"Checks the version of the JRE.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a programming platform that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle (formerly Sun) Java SE or Java for Business
    installed on the remote host is prior to 9 Update 1, 8 Update 151,
    7 Update 161, or 6 Update 171. It is, therefore, affected by
    multiple vulnerabilities related to the following components :
    
      - 2D (Little CMS 2)
      - Deployment
      - Hotspot
      - JAX-WS
      - JAXP
      - Javadoc
      - Libraries
      - Networking
      - RMI
      - Security
      - Serialization
      - Smart Card IO
      - Util (zlib)");
      # https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ffb85cfa");
      # https://www.oracle.com/technetwork/java/javase/9-0-1-relnotes-3883752.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dfeae1af");
      # http://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bbe7f5cf");
      # https://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2fbcacca");
      # http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?726f7054");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Oracle JDK / JRE 9 Update 1, 8 Update 151 / 7 Update 161 /
    6 Update 171 or later. If necessary, remove any affected versions.
    
    Note that an Extended Support contract with Oracle is needed to obtain
    JDK / JRE 6 Update 95 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9841");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("sun_java_jre_installed.nasl");
      script_require_keys("SMB/Java/JRE/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("SMB/Java/JRE/*");
    
    info = "";
    vuln = 0;
    installed_versions = "";
    
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "SMB/Java/JRE/";
      if (ver !~ "^[0-9.]+") continue;
    
      installed_versions = installed_versions + " & " + ver;
    
      # Fixes : (JDK|JRE) 9 Update 1 / 8 Update 151 / 7 Update 161 / 6 Update 171
      if (
        ver =~ '^1\\.6\\.0_([0-9]|[0-9][0-9]|1[0-6][0-9]|170)([^0-9]|$)' ||
        ver =~ '^1\\.7\\.0_([0-9]|[0-9][0-9]|1[0-5][0-9]|160)([^0-9]|$)' ||
        ver =~ '^1\\.8\\.0_([0-9]|[0-9][0-9]|1[0-4][0-9]|150)([^0-9]|$)' ||
        ver =~ '^1\\.9\\.0_00?([^0-9]|$)'
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.6.0_171 / 1.7.0_161 / 1.8.0_151 / 1.9.0_1\n';
      }
    }
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else
    {
      installed_versions = substr(installed_versions, 3);
      if (" & " >< installed_versions)
        exit(0, "The Java "+installed_versions+" installations on the remote host are not affected.");
      else
        audit(AUDIT_INST_VER_NOT_VULN, "Java", installed_versions);
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2999.NASL
    descriptionAn update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 151. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388)
    last seen2020-06-01
    modified2020-06-02
    plugin id104116
    published2017-10-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104116
    titleRHEL 6 / 7 : java-1.8.0-oracle (RHSA-2017:2999)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0005-1.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues: Security issues fixed : - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084). - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071). - CVE-2017-10281: Fix issue inside subcomponent Serialization (bsc#1064072). - CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073). - CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075). - CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086). - CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078). - CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082). - CVE-2017-10347: Fix issue inside subcomponent Serialization (bsc#1064079). - CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081). - CVE-2017-10345: Fix issue inside subcomponent Serialization (bsc#1064077). - CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080). - CVE-2017-10357: Fix issue inside subcomponent Serialization (bsc#1064085). - CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083). - CVE-2017-10102: Fix incorrect handling of references in DGC (bsc#1049316). - CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader (bsc#1049305). - CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest (bsc#1049306). - CVE-2017-10081: Fix incorrect bracket processing in function signature handling (bsc#1049309). - CVE-2017-10087: Fix insufficient access control checks in ThreadPoolExecutor (bsc#1049311). - CVE-2017-10089: Fix insufficient access control checks in ServiceRegistry (bsc#1049312). - CVE-2017-10090: Fix insufficient access control checks in AsynchronousChannelGroupImpl (bsc#1049313). - CVE-2017-10096: Fix insufficient access control checks in XML transformations (bsc#1049314). - CVE-2017-10101: Fix unrestricted access to com.sun.org.apache.xml.internal.resolver (bsc#1049315). - CVE-2017-10107: Fix insufficient access control checks in ActivationID (bsc#1049318). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10110: Fix insufficient access control checks in ImageWatched (bsc#1049321). - CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute deserialization (bsc#1049319). - CVE-2017-10109: Fix unbounded memory allocation in CodeSource deserialization (bsc#1049320). - CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE (bsc#1049324). - CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326). - CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL (bsc#1049325). - CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328). - CVE-2017-10176: Fix incorrect handling of certain EC points (bsc#1049329). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322). - CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS (bsc#1049332). - CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment (bsc#1049327). - CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049323). - CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment (bsc#1049317). - CVE-2017-10086: Fix unspecified in subcomponent JavaFX (bsc#1049310). - CVE-2017-10198: Fix incorrect enforcement of certificate path restrictions (bsc#1049331). - CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330). Bug fixes : - Drop Exec Shield workaround to fix crashes on recent kernels, where Exec Shield is gone (bsc#1052318). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id105538
    published2018-01-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105538
    titleSUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:0005-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2658.NASL
    descriptionAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen2020-06-01
    modified2020-06-02
    plugin id94623
    published2016-11-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94623
    titleRHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2016:2658)
  • NASL familyWindows
    NASL idORACLE_JROCKIT_CPU_OCT_2017.NASL
    descriptionThe version of Oracle JRockit installed on the remote Windows host is R28.3.15. It is, therefore, affected by multiple vulnerabilities. See advisory for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id103932
    published2017-10-18
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103932
    titleOracle JRockit R28.3.15 Multiple Vulnerabilities (October 2017 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3455-1.NASL
    descriptionThis update for java-1_7_1-ibm fixes the following issues : - Security update to version 7.1.4.15 [bsc#1070162] - CVE-2017-10349:
    last seen2020-06-01
    modified2020-06-02
    plugin id105506
    published2018-01-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105506
    titleSUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2017:3455-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3440-1.NASL
    descriptionThis update for java-1_7_1-ibm fixes the following issues : - CVE-2017-10349:
    last seen2020-06-01
    modified2020-06-02
    plugin id105482
    published2017-12-28
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105482
    titleSUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:3440-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1492.NASL
    descriptionAccording to the version of the lcms2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.(CVE-2016-10165) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-30
    modified2020-04-16
    plugin id135654
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135654
    titleEulerOS Virtualization 3.0.2.2 : lcms2 (EulerOS-SA-2020-1492)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3411-1.NASL
    descriptionThis update for java-1_8_0-ibm fixes the following issues: Security issues fixed : - Security update to version 8.0.5.5 (bsc#1070162) - CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10309 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2016-10165 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id105462
    published2017-12-26
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105462
    titleSUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:3411-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-3046.NASL
    descriptionAn update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 161. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388) Note: Starting with this update, Java web browser plugin and Java Web Start application are no longer included with Oracle Java SE 7. Refer to the Releases Notes and the Oracle Java SE Support Roadmap pages linked to in the References section for further information about this change.
    last seen2020-06-01
    modified2020-06-02
    plugin id104139
    published2017-10-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104139
    titleRHEL 6 / 7 : java-1.7.0-oracle (RHSA-2017:3046)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-3268.NASL
    descriptionAn update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP15. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page listed in the References section. (CVE-2016-10165, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388)
    last seen2020-06-01
    modified2020-06-02
    plugin id104840
    published2017-11-29
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104840
    titleRHEL 6 / 7 : java-1.7.1-ibm (RHSA-2017:3268)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3770-1.NASL
    descriptionIbrahim El-Sayed discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-10165) Quang Nguyen discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-16435). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117631
    published2018-09-21
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117631
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : lcms2 vulnerabilities (USN-3770-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-2079.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen2020-06-01
    modified2020-06-02
    plugin id94140
    published2016-10-20
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94140
    titleCentOS 6 / 7 : java-1.8.0-openjdk (CESA-2016:2079)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-3453.NASL
    descriptionAn update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544, CVE-2017-10053, CVE-2017-10067, CVE-2017-10078, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10243, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388) For details on how to apply this update, which includes the changes described in this advisory, refer to : https://access.redhat.com/articles/11258 For this update to take effect, Red Hat Satellite must be restarted (
    last seen2020-06-01
    modified2020-06-02
    plugin id105267
    published2017-12-15
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105267
    titleRHEL 6 : Satellite Server (RHSA-2017:3453)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-3267.NASL
    descriptionAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page listed in the References section. (CVE-2016-10165, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388)
    last seen2020-06-01
    modified2020-06-02
    plugin id104839
    published2017-11-29
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104839
    titleRHEL 6 : java-1.8.0-ibm (RHSA-2017:3267)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0061-1.NASL
    descriptionThis update for java-1_7_0-ibm fixes the following issues : - Security update to version 7.0.10.15 (bsc#1070162) : - CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2016-10165 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id105744
    published2018-01-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105744
    titleSUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:0061-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2601.NASL
    descriptionAccording to the version of the lcms2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.(CVE-2016-10165) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-18
    plugin id132136
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132136
    titleEulerOS 2.0 SP3 : lcms2 (EulerOS-SA-2019-2601)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2163.NASL
    descriptionAccording to the version of the lcms2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.(CVE-2016-10165) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-12
    plugin id130872
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130872
    titleEulerOS 2.0 SP5 : lcms2 (EulerOS-SA-2019-2163)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-2079.NASL
    descriptionFrom Red Hat Security Advisory 2016:2079 : An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen2020-06-01
    modified2020-06-02
    plugin id94149
    published2016-10-20
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94149
    titleOracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2016-2079)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-2658.NASL
    descriptionAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen2020-06-01
    modified2020-06-02
    plugin id94740
    published2016-11-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94740
    titleCentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2016:2658)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2989-1.NASL
    descriptionThis update for java-1_8_0-openjdk fixes the following issues : - Update to version jdk8u151 (icedtea 3.6.0) Security issues fixed : - CVE-2017-10274: Handle smartcard clean up better (bsc#1064071) - CVE-2017-10281: Better queuing priorities (bsc#1064072) - CVE-2017-10285: Unreferenced references (bsc#1064073) - CVE-2017-10295: Better URL connections (bsc#1064075) - CVE-2017-10388: Correct Kerberos ticket grants (bsc#1064086) - CVE-2017-10346: Better invokespecial checks (bsc#1064078) - CVE-2017-10350: Better Base Exceptions (bsc#1064082) - CVE-2017-10347: Better timezone processing (bsc#1064079) - CVE-2017-10349: Better X processing (bsc#1064081) - CVE-2017-10345: Better keystore handling (bsc#1064077) - CVE-2017-10348: Better processing of unresolved permissions (bsc#1064080) - CVE-2017-10357: Process Proxy presentation (bsc#1064085) - CVE-2017-10355: More stable connection processing (bsc#1064083) - CVE-2017-10356: Update storage implementations (bsc#1064084) - CVE-2016-10165: Improve CMS header processing (bsc#1064069) - CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843: Upgrade compression library (bsc#1064070) Bug fixes : - Fix bsc#1032647, bsc#1052009 with btrfs subvolumes and overlayfs Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104531
    published2017-11-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104531
    titleSUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:2989-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-3264.NASL
    descriptionAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page listed in the References section. (CVE-2016-10165, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388)
    last seen2020-06-01
    modified2020-06-02
    plugin id104802
    published2017-11-28
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104802
    titleRHEL 7 : java-1.8.0-ibm (RHSA-2017:3264)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2079.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine
    last seen2020-06-01
    modified2020-06-02
    plugin id94150
    published2016-10-20
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94150
    titleRHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:2079)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3774.NASL
    descriptionIbrahim M. El-Sayed discovered an out-of-bounds heap read vulnerability in the function Type_MLU_Read in lcms2, the Little CMS 2 color management library, which can be triggered by an image with a specially crafted ICC profile and leading to a heap memory leak or denial-of-service for applications using the lcms2 library.
    last seen2020-06-01
    modified2020-06-02
    plugin id96843
    published2017-01-30
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96843
    titleDebian DSA-3774-1 : lcms2 - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3545-1.NASL
    descriptionThis update for lcms2 fixes the following security issues : CVE-2016-10165: The Type_MLU_Read function allowed remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggered an out-of-bounds heap read (bsc#1021364). CVE-2018-16435: A integer overflow was fixed in the AllocateDataSet function in cmscgats.c, that could lead to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. (bsc#1108813) Ensure that LUT stages match channel count (bsc#1026649). sanitize input and output channels on MPE profiles (bsc#1026650). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118500
    published2018-10-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118500
    titleSUSE SLED12 / SLES12 Security Update : lcms2 (SUSE-SU-2018:3545-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1269.NASL
    descriptionThis update for java-1_8_0-openjdk fixes the following issues : - Update to version jdk8u151 (icedtea 3.6.0) Security issues fixed : - CVE-2017-10274: Handle smartcard clean up better (bsc#1064071) - CVE-2017-10281: Better queuing priorities (bsc#1064072) - CVE-2017-10285: Unreferenced references (bsc#1064073) - CVE-2017-10295: Better URL connections (bsc#1064075) - CVE-2017-10388: Correct Kerberos ticket grants (bsc#1064086) - CVE-2017-10346: Better invokespecial checks (bsc#1064078) - CVE-2017-10350: Better Base Exceptions (bsc#1064082) - CVE-2017-10347: Better timezone processing (bsc#1064079) - CVE-2017-10349: Better X processing (bsc#1064081) - CVE-2017-10345: Better keystore handling (bsc#1064077) - CVE-2017-10348: Better processing of unresolved permissions (bsc#1064080) - CVE-2017-10357: Process Proxy presentation (bsc#1064085) - CVE-2017-10355: More stable connection processing (bsc#1064083) - CVE-2017-10356: Update storage implementations (bsc#1064084) - CVE-2016-10165: Improve CMS header processing (bsc#1064069) - CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843: Upgrade compression library (bsc#1064070) Bug fixes : - Fix bsc#1032647, bsc#1052009 with btrfs subvolumes and overlayfs This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen2020-06-05
    modified2017-11-13
    plugin id104527
    published2017-11-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104527
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-1269)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0111_JAVA-1.8.0-OPENJDK.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities: - It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory. (CVE-2017-3526) - An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. (CVE-2017-3511) - It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re- use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user. (CVE-2017-3509) - A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application. (CVE-2017-3544) - It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2017-3539) - A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application. (CVE-2017-3533) - It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) - It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) - A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) - It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts). (CVE-2017-3231, CVE-2017-3261) - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) - It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) - It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). (CVE-2017-3272) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). (CVE-2017-3289) - It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm. (CVE-2016-5542) - A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554) - It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim
    last seen2020-06-01
    modified2020-06-02
    plugin id127348
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127348
    titleNewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0111)

Redhat

advisories
  • rhsa
    idRHSA-2016:2079
  • rhsa
    idRHSA-2016:2658
  • rhsa
    idRHSA-2017:2999
  • rhsa
    idRHSA-2017:3046
  • rhsa
    idRHSA-2017:3264
  • rhsa
    idRHSA-2017:3267
  • rhsa
    idRHSA-2017:3268
  • rhsa
    idRHSA-2017:3453
rpms
  • java-1.8.0-openjdk-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-accessibility-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-debug-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-debug-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-demo-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-demo-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-devel-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-devel-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-headless-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-headless-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-javadoc-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-javadoc-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-src-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-src-1:1.8.0.111-1.b15.el7_2
  • java-1.8.0-openjdk-src-debug-1:1.8.0.111-0.b15.el6_8
  • java-1.8.0-openjdk-src-debug-1:1.8.0.111-1.b15.el7_2
  • java-1.7.0-openjdk-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el5_11
  • java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el6_8
  • java-1.7.0-openjdk-accessibility-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.121-2.6.8.1.el5_11
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.121-2.6.8.1.el6_8
  • java-1.7.0-openjdk-demo-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-demo-1:1.7.0.121-2.6.8.1.el5_11
  • java-1.7.0-openjdk-demo-1:1.7.0.121-2.6.8.1.el6_8
  • java-1.7.0-openjdk-devel-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-devel-1:1.7.0.121-2.6.8.1.el5_11
  • java-1.7.0-openjdk-devel-1:1.7.0.121-2.6.8.1.el6_8
  • java-1.7.0-openjdk-headless-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-javadoc-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-javadoc-1:1.7.0.121-2.6.8.1.el5_11
  • java-1.7.0-openjdk-javadoc-1:1.7.0.121-2.6.8.1.el6_8
  • java-1.7.0-openjdk-src-1:1.7.0.121-2.6.8.0.el7_3
  • java-1.7.0-openjdk-src-1:1.7.0.121-2.6.8.1.el5_11
  • java-1.7.0-openjdk-src-1:1.7.0.121-2.6.8.1.el6_8
  • java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7
  • java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7
  • java-1.8.0-ibm-1:1.8.0.5.5-1jpp.2.el7
  • java-1.8.0-ibm-demo-1:1.8.0.5.5-1jpp.2.el7
  • java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.2.el7
  • java-1.8.0-ibm-jdbc-1:1.8.0.5.5-1jpp.2.el7
  • java-1.8.0-ibm-plugin-1:1.8.0.5.5-1jpp.2.el7
  • java-1.8.0-ibm-src-1:1.8.0.5.5-1jpp.2.el7
  • java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-demo-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-jdbc-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-plugin-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-src-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.7.1-ibm-1:1.7.1.4.15-1jpp.2.el7
  • java-1.7.1-ibm-1:1.7.1.4.15-1jpp.3.el6_9
  • java-1.7.1-ibm-demo-1:1.7.1.4.15-1jpp.2.el7
  • java-1.7.1-ibm-demo-1:1.7.1.4.15-1jpp.3.el6_9
  • java-1.7.1-ibm-devel-1:1.7.1.4.15-1jpp.2.el7
  • java-1.7.1-ibm-devel-1:1.7.1.4.15-1jpp.3.el6_9
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.15-1jpp.2.el7
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.15-1jpp.3.el6_9
  • java-1.7.1-ibm-plugin-1:1.7.1.4.15-1jpp.2.el7
  • java-1.7.1-ibm-plugin-1:1.7.1.4.15-1jpp.3.el6_9
  • java-1.7.1-ibm-src-1:1.7.1.4.15-1jpp.2.el7
  • java-1.7.1-ibm-src-1:1.7.1.4.15-1jpp.3.el6_9
  • java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.1.el6_9

References